1. Field of the Invention
This invention relates generally to a public key infrastructure (PKI) based security architecture for a wireless vehicle communications network and, more particularly, to a system and method for maintaining certificates and certificate revocation lists in a PKI based security architecture for a vehicle wireless communications network that includes separating a country, or other area, into geographic regions and assigning region specific certificates to the vehicles.
2. Discussion of the Related Art
Traffic accidents and roadway congestion are significant problems for vehicle travel. Vehicular ad-hoc network based active safety and driver assistance systems are known that allow a vehicle communications system to transmit messages to other vehicles in a particular area with warning messages about dangerous road conditions, driving events, accidents, etc. In these systems, multi-hop geocast routing protocols, known to those skilled in the art, are commonly used to extend the reachability of the warning messages, i.e., to deliver active messages to vehicles that may be a few kilometers away from the road condition, as a one-time multi-hop transmission process. In other words, an initial message advising drivers of a potential hazardous road condition is transferred from vehicle to vehicle using the geocast routing protocol so that vehicles a significant distance away will receive the messages because one vehicle's transmission distance is typically relatively short.
The safety critical nature of vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) applications makes it necessary that V2X messages be protected from spoofing, alteration and replay. To ensure the integrity of V2X messages, PKI based security architectures are being actively investigated.
Each principal in a PKI system has a pair of keys, namely a private key and a public key. The private key is known only to the principal and the public key can be shared with other entities in the system. The keys can be visualized as a pair of functions Pr and Pu representing the private and public keys, respectively, and having the property M=Pr(Pu(M)) and M=Pu(Pr(M)), where M is the message that is to be secured using the keys. To ensure message integrity, the sender of the message signs the message with its private key, and adds this signature to the message. Upon receiving the message, the recipient can verify the signature of the message using the sender's public key.
A fundamental problem in the PKI architecture is the exchange of the public keys without compromising them. One widely accepted solution is for a trusted entity, known as a certifying authority (CA), to digitally sign data structures, known as certificates, that state the binding nature between names and public keys. In the case of the IEEE 1609.2 standard, a certificate includes several fields, namely the public key, geographic scope or region of the certificate, a certified revocation list series number associated with the certificate, the expiration time of the certificate and the signature of the CA. In order to verify the certificates signed by the CA, the public key of the CA must be available at each entity of the PKI system. Because the distribution of all of the certificates issued by the CA is impractical, the IEEE 1609.2 standard specifies that a sender should add its certificate to a signed message.
The efficient operation of PKI based security architectures in a vehicular network requires that vehicles have access to revocation information in a timely manner. Certified revocation lists (CRLs) are the primary mechanism through which revocation information is disseminated in a PKI based framework. A CRL is a message signed by a certifying authority (CA) listing all certificates in a network that are revoked. Therefore, if an entity sends spurious or other unwanted messages, it can be put on the CRL so that messages sent by that entity can be discarded by other users.
Only CAs can generate CRLs, and thus are messages signed by the CA using the private key of the CA. Each vehicle verifies the CRL message by using the public key of the CA. The entries in a CRL include a list of all revoked certificates, the CRL series number that the CRL is associated with, the time period that the CRL covers, the time at which a CRL for the CRL series will be next issued and the signature of the CA. Updating the CRLs is more difficult in the vehicular network because the vehicle is only intermittently connected to the back-end certifying authority.
In the vehicular context with long product lifetimes, if the certificates assigned to an on board unit (OBU) for the communications network on a vehicle are not renewed during a lifetime of the vehicle, they have an expiration time on the order of years. Moreover, a number of OBUs in a nationwide vehicular network could be as large as 500 million. Hence, the size of the CRLs in a vehicular network is likely to be extremely large.
The vehicular environment imposes constraints on the manner in which revocation information can be acquired by an OBU, and the amount of revocation information that can be stored at each OBU. The former is due to the lossy nature of broadcast transmissions over the wireless medium, and the fact that an OBU has intermittent connectivity to the wired infrastructure network deployed along the roadside. Moreover, the amount of revocation information that can be stored at each OBU is limited by the memory available at the OBU.
Existing methods to reduce the size of CRLs include delta CRLs and segmentation of CRLs. In the delta CRL case, the CA issues CRLs containing all the certificates revoked within a given time window. The CA can also segment CRLs into different CRL series numbers. For segmentation of CRLs, the CA maps each certificate to a specific CRL series number, which is a given field in the certificate. Later on, when distributing CRLs, the CA bundles all of the revoked certificates corresponding to a given CRL series number into a single CRL. Consider an OBU that wants to ascertain the possible revoke status of the senders certificate. The OBU needs to only obtain the most recent CRL with the CRL series number associated with the sender's certificate.